Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIV - Issue #66

August 17, 2012

Save $300 on the workshop on stopping APT attacks (based on the
Australian technique briefed at the White House) that will be at the
National Cybersecurity Innovation Conference in Baltimore. Register
before Sept 5. Also featured is an extraordinary new NSA brief on
Non-Persistent Desktop Browsing that effectively addresses the rapidly
increasing security threat stemming from malicious software (malware)
used by nation states and in cyber crime; extremely low cost and
effective implementation of continuous monitoring and mitigation (NASA),
plus briefings on the most important and effective technologies for
implementing the 20 critical controls and more. Big exhibit of
substantially all the security tools that matter for continuous
monitoring and automation of the 20 critical controls, and the system
integrators who have a clue about implementing the controls and
continuous monitoring. Register at www.sans.org/ncic-2012

Plus Melbourne, Dubai, San Diego, Johannesburg, Seoul, and Tokyo all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

Syrian Dissidents are Target of Malware Attack (August 15, 2012)

The Electronic Frontier Foundation (EFF) says that Syrian journalists, activists, and people involved with government opposition groups are being targeted with malware. The people are lured into downloading the malware because it is disguised as a security package. Once it is downloaded onto a computer, it can monitor people through webcams, disable anti-virus programs, steal passwords and delete data.

-http://news.cnet.com/8301-1009_3-57494231-83/syrian-dissidents-besieged-by-malware-attacks/

[Editor's Note (Murray): Most computer users cannot manage their systems in such a way as to make them resistant to nation states. While modern networks have proved to be very effective in organizing insurrections, they will inevitably compromise some of the users.]

The American Civil Liberties Union (ACLU) is suing the US Justice Department (DOJ); the documents filed in US District Court in New York seek the release of memos regarding the FBI's use of GPS technology. The information is being sought in the wake of a Supreme Court decision that said placing a GPS tracking device on a suspect's vehicle is equivalent to a search under the Fourth Amendment. The memos being sought are the FBI's guidelines to agents regarding the use of the GPS devices to track suspects.

-http://www.nextgov.com/mobile/2012/08/aclu-sues-fbi-gps-tracking-guidelines/57452/?oref=ng-HPriver

[Editor's Comment (Northcutt): The article has almost no information, though this is a fascinating and relevant problem. If anyone sees reporting on this topic supported by references, I would love to receive the URLs (Stephen@sans.edu).]

County Jail Nurses Unhappy With Electronic Health Record System (August 15, 2012)

Nurses at the Contra Costa County (California) jail are not happy with their new electronic health records (EHR) system. One nurse alleges that the system recommended a dose of medication for a heart patient that could have been fatal if the error had not been caught. The EHR system integrates the jail's medical records with county health records. During its first month, the system received 142 complaints from nurses. The nurse who caught the inaccurate drug recommendation said that those responsible for training staff on the EHR system had told county officials that there were problems with the system.

-http://www.nextgov.com/health/2012/08/jailed-man-narrowly-escapes-fatal-error-electronic-health-record/57439/?oref=ng-HPtopstory

[Editor's Note (Murray): Still, it is the paper medical record systems that are killing and impoverishing us.]

NIST to Release Draft of New Government Encryption Standard Guidelines (August 15, 2012)

The US National Institute of Standards and Technology (NIST) plans to release a draft regarding a new government encryption standard. Currently, NIST's standard requires that government agencies support Transport Layer Security (TLS) 1.0 encryption; the update will require TLS 1.1 and 1.2. This means that "some agencies ... will need to ... acquire new web server products to support" the new versions of TLS. The lag time between a release for public review and finalization of a standard is usually about six months. NIST's draft document for public comment is expected to be released next month.

-http://www.computerworld.com/s/article/9230330/New_NIST_encryption_guidelines_may_force_agencies_to_replace_old_websites?taxonomyId=244

[Editor's Note (Ullrich): The move to TLS 1.1 and 1.2 is overdue, and hopefully this will get vendors on board to support it. It is still non-trivial to use TLS 1.1 or 1.2 with Apache on many mainstream Linux distributions.]

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/